Support Centre

Baden-Württemberg

Summary

Law: State Data Protection Act ('LDSG') 2018 (only available in German here)

Regulator: Baden-Württemberg data protection authority ('LfDI Baden-Württemberg')

Summary: The LDSG provides for derogations from the General Data Protection Regulation (Regulation (EU) 2016/679) ('GDPR') and data protection requirements within Baden-Württemberg, including, among other things, limiting the exercise of certain data subject rights, setting out requirements related to special processing purposes, and detailing certain legal bases for processing. Much of the LDSG considers exemptions from the GDPR for activities in the public sector. The LDSG establishes the LfDI Baden-Württemberg. The LfDI Baden-Württemberg is an active authority and regularly releases guidance covering a wide range of topics, such as joint controllership, data breaches, and consent, as well as issuing additional material such as templates and FAQs.

Insights

On 4 March 2022, the Baden-Württemberg data protection authority ('LfDI Baden-Württemberg') published its frequently asked questions ('FAQs') on cookies and tracking by website operators and smartphone app developers. The FAQs are meant to complement the German Data Protection Conference's ('DSK') guidelines ('the Guidelines') on the new Federal Act on the Regulation of Data Protection and Privacy in Telecommunications and Telemedia of 23 June 2021 ('TTDSG'), published in December 2021.1 Unlike the Guidelines, the FAQs of the LfDI Baden-Württemberg specify the application of the legal requirements in greater detail. The FAQs contain a 16-page list of negative examples for obtaining consent that indicate a very strict interpretation of the requirements of the TTDSG and the General Data Protection Regulation (Regulation (EU) 2016/679) ('GDPR').

Dr Carlo Piltz and Philip Schweers, from Piltz Legal, illustrate and discuss some of these examples, whilst also taking a look at recommendations for the use of cookies without obtaining consent.

On 1 October 2021, the Baden-Württemberg data protection authority ('LfDI Baden-Württemberg') published an updated version1 of its 2020 guidelines2 on data transfers to third countries ('the Guidelines'). The Guidelines enable companies to get a clearer picture of the LfDI Baden-Württemberg's legal opinions on the matter and support them with concrete proposals for supplementary measures for Standard Contractual Clauses ('SCCs'). Philipp Quiel, Counsel at Piltz Legal, summarises the most important changes and provides insights on the views of the LfDI Baden-Württemberg and its advice for companies under its supervision.